On Thursday evening (February 17,2023), an exploit took place on Platypus Blockchain, a DeFi stablecoin swapping protocol operating on Avalanche, resulting in the loss of $8.5 million. The attack was executed through a flashloan, which capitalized on a vulnerability in the USP solvency check mechanism. The smart contracts of Platypus were deceived into believing that the USP stabletoken was completely backed, leading to the exploit.
Following the attack, members of the cryptocurrency community collaborated to retrieve the lost funds. ZachXBT, a crypto scam investigator, stated on Twitter that he traced the attacker’s wallet address by examining their chain history across various chains. ZachXBT also revealed that the attacker’s OpenSea account was directly linked to their Twitter account, and they had liked a tweet regarding the Platypus exploit.
30 minutes later, Platypus’s team announced that they could successfully recover 2.4 million USDC from the attacked contract.
In pursuit of enhancing capital efficiency for its users, Platypus introduced a protocol-native stablecoin, USP, last year. This development aimed to address persistent collateral problems linked to stablecoins. Additionally, the introduction of the native Platypus Finance stablecoin was intended to combat the issue of liquidity fragmentation and scattered assets that have been prevalent in numerous protocols. The platform’s objective is to provide a seamless and unified ecosystem for its users.
